===================================================================== CERT-Renater Note d'Information No. 2006/VULN552 _____________________________________________________________________ DATE : 13/12/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Windows Media Format version 7.1 Series Runtime to 9.5 Series Runtime. ====================================================================== MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) Affected Software: - Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions: - Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP Service Pack 2 - Microsoft Windows XP Professional x64 Edition - Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1 - Microsoft Windows Server 2003 x64 Edition - Microsoft Windows Media Format 9.5 Series Runtime x64 Edition on the following operating system versions: - Microsoft Windows XP Professional x64 Edition - Microsoft Windows Server 2003 x64 Edition - Microsoft Windows Media Player 6.4 - Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP Service Pack 2 - Microsoft Windows XP Professional x64 Edition - Microsoft Windows Server 2003 or on Microsoft Windows Server 2003 Service Pack 1 - Microsoft Windows Server 2003 x64 Edition Full MS06-078 Advisory: http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx Vulerability Details Windows Media Format ASF Parsing Vulnerability CVE-2006-4702 A remote code execution vulnerability exists in Windows Media Format Runtime due to the way it handles Advanced Systems Format (ASF) files. An attacker could exploit the vulnerability by constructing specially crafted Windows Media Player content that could potentially allow remote code execution if a user visits a malicious Web site or opens an e-mail message with malicious content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Windows Media Format ASX Parsing Vulnerability CVE-2006-6134 A remote code execution vulnerability exists in Windows Media Format Runtime due to the way it handles certain elements contained in Advanced Stream Redirector (ASX) files. An attacker could exploit the vulnerability by constructing a specially crafted ASX file that could allow remote code execution if a user visits a malicious Web site, where specially crafted ASX files are used to launch Windows Media player, or if a user clicks on a URL pointing to a specially crafted ASX file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================